On Fri, Apr 12, 2024 at 05:37:22PM -0400, Michael Richardson wrote:
>
> John Crispin <j...@phrozen.org> wrote:
> >> using OP-TEE and fTPM.
>
> > pretty high on my list once we find the time
> >
> > https://trustedfirmware-a.readthedocs.io/en/latest/components/spd/index.html
>
> > https://trustedfirmware-a.readthedocs.io/en/latest/components/spd/optee-dispatcher.html
>
> Were you thinking about OP-TEE as the BL32, or were you thinking that we
> could attempt this:
> OP-TEE OS after boot via an SMC call by enabling the option for
> OPTEE_ALLOW_SMC_LOAD

Imho only OP-TEE as BL32 really makes sense. Running U-Boot as secure OS is
insane and nobody should be doing that, especially not on a SoC which can be
brought up with TF-A BL2.

>
> my reading of this is that it only works if you securely boot a linux kernel.
> If we had a securely booted (the u-boot checks the signature) linux kernel,
> then nobody could change their kernel.
>
> --
> Michael Richardson <mcr+i...@sandelman.ca>   . o O ( IPv6 IøT consulting )
>            Sandelman Software Works Inc, Ottawa and Worldwide
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel